CVE-2022-21687 - OpenCVE

gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from host running gh-ost to the attack's malicious MySQL server. The `-database` parameter does not properly sanitize user input which can lead to arbitrary file reads.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Github	Gh-ost

Configuration 1 [-]

cpe:2.3:a:github:gh-ost:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f
https://github.com/github/gh-ost/security/advisories/GHSA-rrp4-2xx3-mv29

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-02-01T11:56:17

Updated: 2024-08-03T02:46:39.432Z

Reserved: 2021-11-16T00:00:00

Link: CVE-2022-21687

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-02-01T12:15:08.200

Modified: 2022-02-04T17:09:05.193

Link: CVE-2022-21687

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from host running gh-ost to the attack's malicious MySQL server. The `-database` parameter does not properly sanitize user input which can lead to arbitrary file reads."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-01T11:56:17", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/github/gh-ost/security/advisories/GHSA-rrp4-2xx3-mv29"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f"}], "source": {"advisory": "GHSA-rrp4-2xx3-mv29", "discovery": "UNKNOWN"}, "title": "Command injection in gh-ost", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-21687", "STATE": "PUBLIC", "TITLE": "Command injection in gh-ost"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from host running gh-ost to the attack's malicious MySQL server. The `-database` parameter does not properly sanitize user input which can lead to arbitrary file reads."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/github/gh-ost/security/advisories/GHSA-rrp4-2xx3-mv29", "refsource": "CONFIRM", "url": "https://github.com/github/gh-ost/security/advisories/GHSA-rrp4-2xx3-mv29"}, {"name": "https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f", "refsource": "MISC", "url": "https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f"}]}, "source": {"advisory": "GHSA-rrp4-2xx3-mv29", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:46:39.432Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/github/gh-ost/security/advisories/GHSA-rrp4-2xx3-mv29"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-21687", "datePublished": "2022-02-01T11:56:17", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-03T02:46:39.432Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:github:gh-ost:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F0C9B81-DCC1-460B-9A59-613BD49953AA", "versionEndExcluding": "1.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from host running gh-ost to the attack's malicious MySQL server. The `-database` parameter does not properly sanitize user input which can lead to arbitrary file reads."}, {"lang": "es", "value": "gh-ost es una soluci\u00f3n de migraci\u00f3n de esquemas en l\u00ednea sin disparador para MySQL. Las versiones anteriores a 1.1.3 est\u00e1n sujetas a una vulnerabilidad de lectura arbitraria de archivos. El atacante debe tener acceso al host de destino o enga\u00f1ar a un administrador para que ejecute un comando gh-ost malicioso en un host que ejecute gh-ost, adem\u00e1s de tener acceso a la red desde el host que ejecuta gh-ost al servidor MySQL malicioso del ataque. El par\u00e1metro \"-database\" no sanea apropiadamente la entrada del usuario, lo que puede conllevar a lecturas arbitrarias de archivos"}], "id": "CVE-2022-21687", "lastModified": "2022-02-04T17:09:05.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-02-01T12:15:08.200", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/github/gh-ost/security/advisories/GHSA-rrp4-2xx3-mv29"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}